惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

aimingoo的专栏
aimingoo的专栏
量子位
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
S
Schneier on Security
Cisco Talos Blog
Cisco Talos Blog
T
ThreatConnect
J
Java Code Geeks
博客园 - 司徒正美
A
Arctic Wolf
T
True Tiger Recordings
C
Cybersecurity and Infrastructure Security Agency CISA
Cyberwarzone
Cyberwarzone
Know Your Adversary
Know Your Adversary
T
Threat Research - Cisco Blogs
V
Vulnerabilities – Threatpost
Recorded Future
Recorded Future
P
Palo Alto Networks Blog
The Hacker News
The Hacker News
The Register - Security
The Register - Security
S
Securelist
www.infosecurity-magazine.com
www.infosecurity-magazine.com
C
CXSECURITY Database RSS Feed - CXSecurity.com
Application and Cybersecurity Blog
Application and Cybersecurity Blog
I
Intezer
P
Privacy & Cybersecurity Law Blog
Scott Helme
Scott Helme
K
Kaspersky official blog
博客园 - 聂微东
Last Week in AI
Last Week in AI
V
V2EX
小众软件
小众软件
F
Fox-IT International blog
Martin Fowler
Martin Fowler
Apple Machine Learning Research
Apple Machine Learning Research
T
Tenable Blog
F
Future of Privacy Forum
Microsoft Security Blog
Microsoft Security Blog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
腾讯CDC
Stack Overflow Blog
Stack Overflow Blog
C
Check Point Blog
阮一峰的网络日志
阮一峰的网络日志
GbyAI
GbyAI
T
Threatpost
I
InfoQ
P
Proofpoint News Feed
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
T
Tor Project blog
G
GRAHAM CLULEY
D
DataBreaches.Net

Recent Commits to openclaw:main

fix(kilocode): normalize string stop param to array in stream wrapper… Doctor: expose shell completion health findings (#85566) · openclaw/openclaw@dc17412 fix(agents): honor effective exec policy for Claude live Bash (#86330) fix(test): stabilize e2e runtime imports fix(test): clean plugin gauntlet temp roots test(crabbox): tolerate Windows shell capture fix(qa): extend config mutation Windows budget fix(qa): settle restart races with live budget · openclaw/openclaw@2cac9e5 fix(crabbox): sync full sparse lease runs fix(qa): extend config cleanup Windows budget fix(sessions): stop doctor OOM on large session stores and reclaim st… · openclaw/openclaw@89aea9b fix(ollama): strip inline kimi cloud reasoning leak (#86515) fix(discord): merge media captions into one message (#86487) · openclaw/openclaw@bc10fad fix(utils): clamp fetch timeout timers (#85985) fix(ui): preserve user code block rendering (#85942) fix(memory): prevent silent vector index degradation when embedding p… docs: clarify agent transcript placeholders · openclaw/openclaw@8da8bc4 test(qa): annotate live transport RTT measurements · openclaw/openclaw@bb6f37e fix(qqbot): derive outbound watchdog from configured timeouts (#85267… · openclaw/openclaw@aa702cf fix(test): clean kitchen sink rpc temp state · openclaw/openclaw@6f695c1 fix: quiet missing daily memory reads fix: tighten empty plugin registry reuse · openclaw/openclaw@026cfb6 perf: speed up agent transcript lookup · openclaw/openclaw@e7ad116 fix: guard QMD session stem fallback (#86482) · openclaw/openclaw@2e3b59b Guard OpenAI chat payload turns (#86497) · openclaw/openclaw@489e415 fix(gateway): keep session tool mirrors under pressure · openclaw/openclaw@459e89a docs: route github creation through agent transcript test(tools): add unmocked image custom-provider auth regression (#85733) · openclaw/openclaw@f0bfb3f refactor(plugin-sdk): rename plain text tool-call compat wrapper docs(skills): defer private release locators · openclaw/openclaw@23d38e4 Replace Sharp image backend with Photon (#86437) · openclaw/openclaw@b9f975b fix(agents): release embedded-attempt session lock on every exit path… · openclaw/openclaw@32ddfc2 fix: accept OpenClaw voice wake confusions (#86507) fix(crabbox): bootstrap macos js toolchain chore: add agent transcript skill · openclaw/openclaw@d63e8d4 fix(gateway): dedupe session tool fanout · openclaw/openclaw@89a21db fix: Hook ingress token unlocks password-mode gateway auth (#86453) · openclaw/openclaw@d51f268 fix #86077: keep fallback errors candidate scoped (#86134) · openclaw/openclaw@d6b7fe8 fix(diagnostics): reclaim wedged session lanes with a stale leaked ac… · openclaw/openclaw@6f76d9f fix: derive plugin media trust from metadata (#86410) · openclaw/openclaw@e761eb8 fix(media-understanding): normalize HEIC before image descriptions (#… · openclaw/openclaw@75c7236 fix: accept leading fuzzy Discord voice wake names (#86484) · openclaw/openclaw@8fe4f34 feat: promote provider tool call stream wrapper (#86489) fix(test): dedupe kitchen sink command assertions test: derive deprecated sdk usage guard (#86403) fix(qa): extend memory fallback Windows budget fix(ui): move control ui chunking helper out of runtime source · openclaw/openclaw@968c87d fix: quiet retained lost task noise (#86475) fix(build): keep control ui chunking out of deadcode · openclaw/openclaw@dc26069 fix: rotate realtime voice sessions on max duration · openclaw/openclaw@dc2c4aa fix(test): stream bundled plugin sweep logs · openclaw/openclaw@fc3cd49 docs: add bugfix changelog credits · openclaw/openclaw@2e7e4bc fix(models): show oauth marker auth status (#86378) · openclaw/openclaw@a6df39d fix: seed cron task progress summaries (#86313) · openclaw/openclaw@92afd8b fix(update): exclude prerelease tags from stable git channel (#86260) · openclaw/openclaw@28f169b fix(doctor): warn and continue when cron job store is unreadable (#86… fix(gateway): clear runtime config snapshot before in-process restart… · openclaw/openclaw@90caa3b fix(scripts): restore sparse crabbox changed gates · openclaw/openclaw@d270879 fix(build): support Windows UI builds · openclaw/openclaw@0bb9b42 Fix local embedding worker safety (#85348) · openclaw/openclaw@7ff29a9 fix(ui): scope chat session picker to active agent (#85965) · openclaw/openclaw@70c7d6f [codex] improve iOS realtime talk mode (#86355) · openclaw/openclaw@9ca52ce fix(scripts): dedupe docker lane resources · openclaw/openclaw@5e94469 docs: add code size guidance · openclaw/openclaw@9a60fcf fix(test): avoid source gateway import in rpc walk · openclaw/openclaw@e9b8a6e docs: add bugfix changelog entries · openclaw/openclaw@f950132 Fix heartbeat response loop guard (#86324) (#86357) · openclaw/openclaw@e2c174e fix(memory-core): filter REM dreaming candidates to light-staged entr… · openclaw/openclaw@8b42771 fix(telegram): propagate forum topic names into agent context (#86299) fix(slack): keep downloaded files out of reply media (#86318) · openclaw/openclaw@2fcd481 fix(cron): accept plus durations for one-shot jobs (#86341) · openclaw/openclaw@9239f94 fix(plugins): clear metadata memo at lifecycle boundaries · openclaw/openclaw@e7c696a chore(skills): normalize release skill routing · openclaw/openclaw@4737e19 docs(release): require early performance regression check · openclaw/openclaw@0336938 fix(qa): capture Windows gateway metrics · openclaw/openclaw@9afbfc1 feat(qa): add coverage scenario matching · openclaw/openclaw@a1fe86a fix(perf): avoid duplicate docker package ui build build: enable modern TypeScript module syntax · openclaw/openclaw@bbc1772 ci: include performance evidence in release validation fix(providers): stream ordinary tool-like prose promptly fix(perf): harden gateway restart bench exits · openclaw/openclaw@82bbcf6 fix(gateway): gate talk secret bootstrap handoff (#85690) · openclaw/openclaw@c791e42 fix: suppress async media incomplete-turn errors (#85933) · openclaw/openclaw@35dcd42 migrate auth credentials · openclaw/openclaw@f036bac fix migrate auth lint · openclaw/openclaw@50e6cb0 fix migrate supported auth imports · openclaw/openclaw@44bb2be fix migrate auth opt-out precedence · openclaw/openclaw@2016a51 honor migrate auth opt-out in plan · openclaw/openclaw@17edec7 address migrate auth review comments · openclaw/openclaw@0a98c2d fix ci blockers for migrate auth docs: add migrate auth changelog (#85667) · openclaw/openclaw@f7fcbdb fix(scripts): avoid duplicate install smoke ui build · openclaw/openclaw@b1b2841 fix(telegram): preserve inbound text entities (#83873) · openclaw/openclaw@b552919 chore: ignore Python bytecode caches · openclaw/openclaw@b6b2755 fix: make autoreview progress visible · openclaw/openclaw@236edb2 ci(release): fix plugin prerelease extension batch invocation test(telegram): provide topic cache store in message context harness · openclaw/openclaw@ff1fde1 test(agents): complete provider runtime test mocks · openclaw/openclaw@be8cd12 test(telegram): type topic cache harness store · openclaw/openclaw@84ab206 test(agents): sync provider runtime mocks · openclaw/openclaw@a289dd9
perf: cache plugin package realpaths (#86517) · openclaw/openclaw@69d728a
steipete · 2026-05-25 · via Recent Commits to openclaw:main

@@ -17,7 +17,7 @@ import {

1717

type PackageManifest,

1818

type PluginPackageChannel,

1919

} from "./manifest.js";

20-

import { isPathInsideWithRealpath, safeRealpathSync } from "./path-safety.js";

20+

import { isPathInside, safeRealpathSync } from "./path-safety.js";

2121

import { tracePluginLifecyclePhase } from "./plugin-lifecycle-trace.js";

2222

import {

2323

normalizePluginDependencySpecs,

@@ -33,18 +33,22 @@ function isRelativePathInsideOrEqual(relativePath: string): boolean {

3333

);

3434

}

353536-

function resolvePackageJsonPath(record: InstalledPluginIndexRecord): string | undefined {

36+

function resolvePackageJsonPath(

37+

record: InstalledPluginIndexRecord,

38+

realpathCache: Map<string, string>,

39+

): string | undefined {

3740

if (!record.packageJson?.path) {

3841

return undefined;

3942

}

4043

const rootDir = resolveInstalledPluginRootDir(record);

41-

const realRootDir = safeRealpathSync(rootDir) ?? path.resolve(rootDir);

44+

const realRootDir = safeRealpathSync(rootDir, realpathCache) ?? path.resolve(rootDir);

4245

const packageJsonPath = path.resolve(realRootDir, record.packageJson.path);

4346

const relative = path.relative(realRootDir, packageJsonPath);

4447

if (!isRelativePathInsideOrEqual(relative)) {

4548

return undefined;

4649

}

47-

if (!isPathInsideWithRealpath(realRootDir, packageJsonPath)) {

50+

const packageJsonRealPath = safeRealpathSync(packageJsonPath, realpathCache);

51+

if (!packageJsonRealPath || !isPathInside(realRootDir, packageJsonRealPath)) {

4852

return undefined;

4953

}

5054

return packageJsonPath;

@@ -63,6 +67,7 @@ function safeFileSignature(filePath: string | undefined): string | undefined {

6367

}

64686569

function buildInstalledManifestRegistryIndexKey(index: InstalledPluginIndex) {

70+

const realpathCache = new Map<string, string>();

6671

return {

6772

version: index.version,

6873

hostContractVersion: index.hostContractVersion,

@@ -72,7 +77,7 @@ function buildInstalledManifestRegistryIndexKey(index: InstalledPluginIndex) {

7277

installRecords: index.installRecords,

7378

diagnostics: index.diagnostics,

7479

plugins: index.plugins.map((record) => {

75-

const packageJsonPath = resolvePackageJsonPath(record);

80+

const packageJsonPath = resolvePackageJsonPath(record, realpathCache);

7681

return {

7782

pluginId: record.pluginId,

7883

packageName: record.packageName,

@@ -359,7 +364,10 @@ function normalizePersistedPackageChannel(value: unknown): PluginPackageChannel

359364

return channel;

360365

}

361366362-

function resolveInstalledPackageMetadata(record: InstalledPluginIndexRecord): {

367+

function resolveInstalledPackageMetadata(

368+

record: InstalledPluginIndexRecord,

369+

realpathCache: Map<string, string>,

370+

): {

363371

packageManifest?: OpenClawPackageManifest;

364372

packageDependencies?: PluginDependencySpecMap;

365373

packageOptionalDependencies?: PluginDependencySpecMap;

@@ -370,7 +378,9 @@ function resolveInstalledPackageMetadata(record: InstalledPluginIndexRecord): {

370378

channel: recordPackageChannel,

371379

}

372380

: undefined;

373-

const packageJsonPath = record.packageJson?.path ? resolvePackageJsonPath(record) : undefined;

381+

const packageJsonPath = record.packageJson?.path

382+

? resolvePackageJsonPath(record, realpathCache)

383+

: undefined;

374384

if (!packageJsonPath) {

375385

return fallbackPackageManifest ? { packageManifest: fallbackPackageManifest } : {};

376386

}

@@ -409,9 +419,12 @@ function resolveInstalledPackageMetadata(record: InstalledPluginIndexRecord): {

409419

return fallbackPackageManifest ? { packageManifest: fallbackPackageManifest } : {};

410420

}

411421412-

function toPluginCandidate(record: InstalledPluginIndexRecord): PluginCandidate {

422+

function toPluginCandidate(

423+

record: InstalledPluginIndexRecord,

424+

realpathCache: Map<string, string>,

425+

): PluginCandidate {

413426

const rootDir = resolveInstalledPluginRootDir(record);

414-

const packageMetadata = resolveInstalledPackageMetadata(record);

427+

const packageMetadata = resolveInstalledPackageMetadata(record, realpathCache);

415428

return {

416429

idHint: record.pluginId,

417430

source: record.source ?? resolveFallbackPluginSource(record),

@@ -452,6 +465,7 @@ export function loadPluginManifestRegistryForInstalledIndex(params: {

452465

}

453466

const env = params.env ?? process.env;

454467

const pluginIdSet = params.pluginIds?.length ? new Set(params.pluginIds) : null;

468+

const realpathCache = new Map<string, string>();

455469

const diagnostics = pluginIdSet

456470

? params.index.diagnostics.filter((diagnostic) => {

457471

const pluginId = diagnostic.pluginId;

@@ -461,7 +475,7 @@ export function loadPluginManifestRegistryForInstalledIndex(params: {

461475

const candidates = params.index.plugins

462476

.filter((plugin) => params.includeDisabled || plugin.enabled)

463477

.filter((plugin) => !pluginIdSet || pluginIdSet.has(plugin.pluginId))

464-

.map(toPluginCandidate);

478+

.map((plugin) => toPluginCandidate(plugin, realpathCache));

465479

return loadPluginManifestRegistry({

466480

config: params.config,

467481

workspaceDir: params.workspaceDir,

此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。